When you are deploying SCOM agents to many servers from a test or prod environment, it could happen that a server administrator steps up to you and tells you that he has many strange event log entries which are probably from SCOM. Like in this example here…
As we can easily identify there must be a a rule or monitor from a NiCE MP and in addition we got the information from the administrator that it is happen on server01. With this knowledge you can start your research. Go to Monitoring / Operations Manager / Agent Details / Agents By Version …
There is a task which is not very known by many people called Show Running Rules and Monitors for this Health Service…
After running this task you get an output like this…
If you expand this you will find many entries, in my case I was pretty sure it was a manually / GUI created rule / monitor therefore I was checking the sections for these entries like *UIGeneratedRule or *UIGeneratedMonitor…
This looks promising so let’s figure out what the exact rule name is…
Then lets search for the company.special.nice.rule in Authoring / Management Pack Objects / Rules…
If we check the properties of the rule we find some references to the Windows event entry description…
Well this is not groundbreaking stuff but I think it helps identify workflows and solve issues related to workflows.
Thanks very much for another very useful post Stefan 🙂
Just one small point for future posts perhaps, the resolution of the screen shots is very low to cannot see the text in some of them like the opsmgr command shell for example.